hjworktree-cli 2.1.0 → 2.3.0

package/dist/web/index.html

@@ -7,7 +7,7 @@
   <link rel="preconnect" href="https://fonts.googleapis.com">
   <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
   <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
-  <script type="module" crossorigin src="/assets/index-D8dr9mJa.js"></script>
+  <script type="module" crossorigin src="/assets/index-De6xm4hO.js"></script>
   <link rel="stylesheet" crossorigin href="/assets/index-CsixHL-D.css">
 </head>
 <body>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hjworktree-cli",
-  "version": "2.1.0",
+  "version": "2.3.0",
   "description": "Web-based git worktree parallel AI coding agent runner",
   "type": "module",
   "main": "dist/server/index.js",
@@ -15,6 +15,7 @@
     "build:server": "tsc",
     "build:web": "vite build --config web/vite.config.ts",
     "start": "node dist/server/index.js",
+    "postinstall": "node scripts/fix-pty-permissions.js",
     "prepublishOnly": "npm run build"
   },
   "keywords": [
@@ -37,7 +38,7 @@
   "dependencies": {
     "cors": "^2.8.5",
     "express": "^4.21.0",
-    "node-pty": "^1.0.0",
+    "node-pty": "^1.1.0",
     "open": "^10.1.0",
     "simple-git": "^3.27.0",
     "socket.io": "^4.7.5"

package/scripts/fix-pty-permissions.js

@@ -0,0 +1,89 @@
+#!/usr/bin/env node
+
+/**
+ * Fix node-pty spawn-helper permissions on macOS/Linux
+ *
+ * This script addresses the posix_spawnp failed error that occurs when
+ * spawn-helper lacks execute permissions after npm install.
+ *
+ * Reference: https://github.com/microsoft/node-pty/issues/670
+ */
+
+import { chmod, access, constants } from 'fs';
+import { resolve, dirname } from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+// Skip on Windows
+if (process.platform === 'win32') {
+  process.exit(0);
+}
+
+// Possible spawn-helper locations
+const possiblePaths = [
+  // When installed as dependency
+  resolve(__dirname, '../node_modules/node-pty/build/Release/spawn-helper'),
+  // When this package is installed globally
+  resolve(__dirname, '../node_modules/.pnpm/node-pty@1.1.0/node_modules/node-pty/build/Release/spawn-helper'),
+  // Direct prebuild location
+  resolve(__dirname, '../node_modules/node-pty/prebuilds'),
+];
+
+// Find and fix spawn-helper permissions
+async function fixPermissions() {
+  for (const spawnHelperPath of possiblePaths) {
+    try {
+      await new Promise((resolve, reject) => {
+        access(spawnHelperPath, constants.F_OK, (err) => {
+          if (err) reject(err);
+          else resolve();
+        });
+      });
+
+      // File exists, set execute permission
+      await new Promise((resolve, reject) => {
+        chmod(spawnHelperPath, 0o755, (err) => {
+          if (err) reject(err);
+          else resolve();
+        });
+      });
+
+      console.log(`[fix-pty-permissions] Fixed: ${spawnHelperPath}`);
+    } catch {
+      // File doesn't exist at this path, try next
+    }
+  }
+
+  // Also try to find spawn-helper recursively in node_modules
+  try {
+    const { execSync } = await import('child_process');
+    const result = execSync(
+      'find node_modules -name "spawn-helper" -type f 2>/dev/null || true',
+      { cwd: resolve(__dirname, '..'), encoding: 'utf-8' }
+    );
+
+    const files = result.trim().split('\n').filter(Boolean);
+    for (const file of files) {
+      try {
+        const fullPath = resolve(__dirname, '..', file);
+        await new Promise((resolve, reject) => {
+          chmod(fullPath, 0o755, (err) => {
+            if (err) reject(err);
+            else resolve();
+          });
+        });
+        console.log(`[fix-pty-permissions] Fixed: ${fullPath}`);
+      } catch {
+        // Ignore errors for individual files
+      }
+    }
+  } catch {
+    // find command failed, ignore
+  }
+}
+
+fixPermissions().catch(() => {
+  // Don't fail the install if this script fails
+  process.exit(0);
+});

package/server/routes/api.ts

@@ -125,6 +125,13 @@ export function apiRouter(cwd: string): Router {
         return;
       }
 
+      // SECURITY: Never delete main worktree
+      if (worktree.isMainWorktree) {
+        console.warn(`[SECURITY] API blocked attempt to delete main worktree: ${name}`);
+        res.status(403).json({ error: 'Cannot delete main worktree' });
+        return;
+      }
+
       await worktreeService.removeWorktree(worktree.path);
       res.json({ success: true });
     } catch (error) {

package/server/services/worktreeService.ts

@@ -1,6 +1,7 @@
 import { simpleGit, SimpleGit } from 'simple-git';
 import path from 'path';
 import fs from 'fs/promises';
+import { realpathSync, statSync } from 'fs';
 import type { Worktree } from '../../shared/types/index.js';
 
 export class WorktreeService {
@@ -13,11 +14,56 @@ export class WorktreeService {
     this.git = simpleGit(cwd);
   }
 
+  /**
+   * Safely resolves a path to its real path, handling symlinks.
+   * Returns null if path cannot be resolved.
+   */
+  private safeRealpath(targetPath: string): string | null {
+    try {
+      return realpathSync(targetPath);
+    } catch {
+      return null;
+    }
+  }
+
+  /**
+   * Checks if a path is a linked worktree (has .git file) vs main repo (has .git directory).
+   * Linked worktrees have a .git FILE that points to the main .git directory.
+   * Main repo has a .git DIRECTORY.
+   */
+  private isLinkedWorktree(worktreePath: string): boolean {
+    const gitPath = path.join(worktreePath, '.git');
+    try {
+      const stat = statSync(gitPath);
+      // .git is a directory = main repository
+      // .git is a file = linked worktree
+      return !stat.isDirectory();
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Checks if the given path is the main repository.
+   */
+  private isMainRepository(targetPath: string): boolean {
+    const resolvedTarget = this.safeRealpath(targetPath);
+    const resolvedRoot = this.safeRealpath(this.rootDir);
+
+    if (!resolvedTarget || !resolvedRoot) {
+      // If we can't resolve paths, assume it might be main repo (fail safe)
+      return true;
+    }
+
+    return resolvedTarget === resolvedRoot;
+  }
+
   async listWorktrees(): Promise<Worktree[]> {
     const result = await this.git.raw(['worktree', 'list', '--porcelain']);
     const worktrees: Worktree[] = [];
 
     const entries = result.trim().split('\n\n').filter(Boolean);
+    const resolvedRootDir = this.safeRealpath(this.rootDir);
 
     for (const entry of entries) {
       const lines = entry.split('\n');
@@ -26,10 +72,17 @@ export class WorktreeService {
       const branch = branchLine?.replace('branch refs/heads/', '');
 
       if (worktreePath) {
+        // Determine if this is the main worktree using realpath comparison
+        const resolvedWorktreePath = this.safeRealpath(worktreePath);
+        const isMainWorktree = resolvedWorktreePath !== null &&
+                               resolvedRootDir !== null &&
+                               resolvedWorktreePath === resolvedRootDir;
+
         worktrees.push({
           path: worktreePath,
           branch: branch || 'detached',
           name: path.basename(worktreePath),
+          isMainWorktree,
         });
       }
     }
@@ -72,6 +125,7 @@ export class WorktreeService {
       path: worktreePath,
       branch: newBranchName,
       name: worktreeName,
+      isMainWorktree: false,  // Created worktrees are always linked, not main
     };
   }
 
@@ -103,28 +157,66 @@ export class WorktreeService {
   }
 
   async removeWorktree(worktreePath: string): Promise<void> {
+    // SECURITY GUARD 1: Use realpathSync for symlink resolution
+    const resolvedWorktreePath = this.safeRealpath(worktreePath);
+    const resolvedRootDir = this.safeRealpath(this.rootDir);
+
+    // If we cannot resolve paths, abort for safety
+    if (!resolvedWorktreePath) {
+      console.warn(`[SECURITY] Cannot resolve worktree path: ${worktreePath}. Aborting deletion.`);
+      return;
+    }
+
+    if (!resolvedRootDir) {
+      console.warn(`[SECURITY] Cannot resolve root directory path. Aborting deletion.`);
+      return;
+    }
+
+    // SECURITY GUARD 2: Check exact match with main repo
+    if (resolvedWorktreePath === resolvedRootDir) {
+      console.warn(`[SECURITY] Attempted to remove main repository: ${worktreePath}. Ignoring.`);
+      return;
+    }
+
+    // SECURITY GUARD 3: Check if path is inside main repo
+    if (resolvedWorktreePath.startsWith(resolvedRootDir + path.sep)) {
+      console.warn(`[SECURITY] Attempted to remove path inside main repository: ${worktreePath}. Ignoring.`);
+      return;
+    }
+
+    // SECURITY GUARD 4: Check if main repo is inside target path (catastrophic prevention)
+    if (resolvedRootDir.startsWith(resolvedWorktreePath + path.sep)) {
+      console.warn(`[SECURITY] Attempted to remove parent of main repository: ${worktreePath}. Ignoring.`);
+      return;
+    }
+
+    // SECURITY GUARD 5: Verify it's actually a linked worktree (has .git FILE, not directory)
+    const isLinked = this.isLinkedWorktree(worktreePath);
+    if (!isLinked) {
+      console.warn(`[SECURITY] Path is not a linked worktree (missing .git file or has .git directory): ${worktreePath}. Ignoring.`);
+      return;
+    }
+
     const branchName = path.basename(worktreePath);
 
+    // CRITICAL: Only use git worktree remove - NEVER use fs.rm() as fallback
     try {
-      // 1. Force remove worktree
       await this.git.raw(['worktree', 'remove', worktreePath, '--force']);
-    } catch {
-      // 2. If worktree remove fails, try to remove directory manually
-      try {
-        await fs.rm(worktreePath, { recursive: true, force: true });
-      } catch {
-        // Ignore errors
-      }
+    } catch (error) {
+      // Log the error but DO NOT fall back to fs.rm
+      console.error(`[SECURITY] Failed to remove worktree via git: ${worktreePath}`, error);
+      // Propagate error instead of dangerous fallback
+      throw new Error(`Failed to remove worktree: ${error instanceof Error ? error.message : 'Unknown error'}`);
     }
 
-    // 3. CRITICAL: Prune orphan worktree references
+    // Prune orphan worktree references
     try {
       await this.git.raw(['worktree', 'prune']);
     } catch {
-      // Ignore prune errors
+      // Ignore prune errors - non-critical
     }
 
-    // 4. Now we can safely delete the branch
+    // Delete the branch
     try {
       await this.git.branch(['-D', branchName]);
     } catch {
@@ -137,8 +229,25 @@ export class WorktreeService {
   async removeAllWorktrees(): Promise<void> {
     const worktrees = await this.listWorktrees();
 
-    // Filter out the main worktree (usually the first one / the main repo)
-    const additionalWorktrees = worktrees.filter(wt => wt.path !== this.rootDir);
+    // Filter out the main worktree using the isMainWorktree flag and path comparison
+    const additionalWorktrees = worktrees.filter(wt => {
+      // Primary check: use isMainWorktree flag
+      if (wt.isMainWorktree) {
+        console.log(`[SECURITY] Skipping main worktree in removeAll: ${wt.path}`);
+        return false;
+      }
+
+      // Secondary check: realpath comparison as defense in depth
+      const resolvedPath = this.safeRealpath(wt.path);
+      const resolvedRoot = this.safeRealpath(this.rootDir);
+
+      if (resolvedPath && resolvedRoot && resolvedPath === resolvedRoot) {
+        console.warn(`[SECURITY] Detected main worktree via realpath (flag was false): ${wt.path}`);
+        return false;
+      }
+
+      return true;
+    });
 
     for (const worktree of additionalWorktrees) {
       try {
@@ -187,6 +296,13 @@ export class WorktreeService {
         continue;
       }
 
+      // SECURITY: Never delete main worktree
+      if (worktree.isMainWorktree) {
+        console.warn(`[SECURITY] Blocked attempt to delete main worktree by name: ${name}`);
+        results.failed.push({ name, error: 'Cannot delete main worktree' });
+        continue;
+      }
+
       try {
         await this.removeWorktree(worktree.path);
         results.deleted.push(name);

package/server/socketHandlers.ts

@@ -1,6 +1,6 @@
 import { Server, Socket } from 'socket.io';
 import * as pty from 'node-pty';
-import type { IPty } from 'node-pty';
+import type { IPty, IPtyForkOptions } from 'node-pty';
 import type {
   TerminalCreateData,
   TerminalInputData,
@@ -9,6 +9,101 @@ import type {
   AgentId
 } from '../shared/types/index.js';
 import { AI_AGENTS } from '../shared/constants.js';
+import fs, { realpathSync } from 'fs';
+import path from 'path';
+import { promisify } from 'util';
+
+const access = promisify(fs.access);
+
+// Environment and path utilities for macOS compatibility
+function sanitizeEnv(env: NodeJS.ProcessEnv): Record<string, string> {
+  const sanitized: Record<string, string> = {};
+  for (const [key, value] of Object.entries(env)) {
+    if (typeof value === 'string' && value.length > 0) {
+      sanitized[key] = value;
+    }
+  }
+  return sanitized;
+}
+
+function normalizePath(targetPath: string): string {
+  try {
+    const absolutePath = path.resolve(targetPath);
+    return realpathSync(absolutePath);
+  } catch {
+    return path.resolve(targetPath);
+  }
+}
+
+// Validation utilities
+async function validatePath(pathToCheck: string): Promise<{ valid: boolean; error?: string }> {
+  try {
+    await access(pathToCheck, fs.constants.R_OK | fs.constants.X_OK);
+    return { valid: true };
+  } catch (error) {
+    return {
+      valid: false,
+      error: error instanceof Error ? error.message : 'Path not accessible'
+    };
+  }
+}
+
+async function validateShell(shell: string): Promise<{ valid: boolean; error?: string }> {
+  if (process.platform === 'win32') {
+    return { valid: true };
+  }
+  try {
+    await access(shell, fs.constants.X_OK);
+    return { valid: true };
+  } catch (error) {
+    return {
+      valid: false,
+      error: `Shell not executable: ${shell}`
+    };
+  }
+}
+
+// PTY spawn with retry logic
+async function spawnWithRetry(
+  shell: string,
+  args: string[],
+  options: IPtyForkOptions,
+  maxRetries: number = 3
+): Promise<IPty> {
+  let lastError: Error | null = null;
+
+  for (let attempt = 0; attempt < maxRetries; attempt++) {
+    try {
+      const ptyProcess = pty.spawn(shell, args, options);
+      return ptyProcess;
+    } catch (error) {
+      lastError = error instanceof Error ? error : new Error(String(error));
+      console.error(`[PTY] Spawn attempt ${attempt + 1}/${maxRetries} failed:`, lastError.message);
+
+      if (attempt < maxRetries - 1) {
+        const delay = Math.pow(2, attempt) * 100;
+        await new Promise(resolve => setTimeout(resolve, delay));
+      }
+    }
+  }
+
+  throw lastError || new Error('Failed to spawn PTY after retries');
+}
+
+// Spawn interval control to prevent resource contention
+let lastSpawnTime = 0;
+const MIN_SPAWN_INTERVAL = 150;
+
+async function waitForSpawnInterval(): Promise<void> {
+  const now = Date.now();
+  const elapsed = now - lastSpawnTime;
+
+  if (elapsed < MIN_SPAWN_INTERVAL) {
+    await new Promise(resolve => setTimeout(resolve, MIN_SPAWN_INTERVAL - elapsed));
+  }
+
+  lastSpawnTime = Date.now();
+}
 
 interface TerminalSession {
   pty: IPty;
@@ -25,7 +120,20 @@ function getAgentCommand(agentType: AgentId): string {
 }
 
 function getShell(): string {
-  return process.platform === 'win32' ? 'powershell.exe' : process.env.SHELL || '/bin/bash';
+  if (process.platform === 'win32') {
+    return 'powershell.exe';
+  }
+
+  const shellPath = process.env.SHELL || '/bin/bash';
+
+  try {
+    const resolvedShell = realpathSync(shellPath);
+    fs.accessSync(resolvedShell, fs.constants.X_OK);
+    return resolvedShell;
+  } catch {
+    // Fallback: use shell name only (let PATH resolve it)
+    return path.basename(shellPath);
+  }
 }
 
 export function setupSocketHandlers(io: Server, cwd: string) {
@@ -42,17 +150,35 @@ export function setupSocketHandlers(io: Server, cwd: string) {
         const shell = getShell();
         const agentCommand = getAgentCommand(agentType);
 
-        const ptyProcess = pty.spawn(shell, [], {
+        // Validate path before spawning
+        const pathValidation = await validatePath(worktreePath);
+        if (!pathValidation.valid) {
+          throw new Error(`Invalid worktree path: ${pathValidation.error}`);
+        }
+
+        // Validate shell before spawning
+        const shellValidation = await validateShell(shell);
+        if (!shellValidation.valid) {
+          throw new Error(`Invalid shell: ${shellValidation.error}`);
+        }
+
+        // Wait for spawn interval to prevent resource contention
+        await waitForSpawnInterval();
+
+        // Normalize cwd path (resolve symlinks like /tmp -> /private/tmp on macOS)
+        const normalizedCwd = normalizePath(worktreePath);
+
+        const ptyProcess = await spawnWithRetry(shell, [], {
           name: 'xterm-256color',
           cols: 120,
           rows: 30,
-          cwd: worktreePath,
-          env: {
+          cwd: normalizedCwd,
+          env: sanitizeEnv({
             ...process.env,
             TERM: 'xterm-256color',
             FORCE_COLOR: '1',
             COLORTERM: 'truecolor',
-          } as Record<string, string>,
+          }),
         });
 
         sessions.set(sessionId, {

package/shared/constants.ts

@@ -31,5 +31,5 @@ export const DEFAULT_PARALLEL_COUNT = 3;
 export const BRANCH_POLL_INTERVAL = 5000; // 5 seconds
 
 export const APP_NAME = 'hjWorktree CLI';
-export const APP_VERSION = '2.0.0';
+export const APP_VERSION = '2.3.0';
 export const DEFAULT_PORT = 3847;

package/shared/types/index.ts

@@ -51,6 +51,7 @@ export interface Worktree {
   path: string;
   branch: string;
   name: string;
+  isMainWorktree: boolean;
 }
 
 // Socket.IO event types